<?php 
// Bootstrap for this page: shared helpers, the database connection, and the
// login guard. Everything below writes to the database, so the guard must
// run before either handler.
require_once 'includes/funciones.php';
// presumably opens the MySQL connection used by sqlinsert()/mysql_query()
// later in this file — confirm in includes/funciones.php
conexion();
// assumed to redirect or exit when no user is logged in — TODO confirm
require_once 'is_login.php';
?>



<?php 
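#################ALTA COMENTARIO
# Handles the comment form (POST boton=1). Requires name, email, comment and
# id_news; stores the row in `comments` and redirects back to the news item.
# On missing fields it prints "Faltan datos" and falls through to the rest of
# the page.
# NOTE(review): unlike the delete handler below, this POST carries no CSRF
# token; consider requiring $_SESSION['usuario']['token'] here as well.
if (isset($_POST['boton']) && (int)$_POST['boton'] === 1) {
	if (!empty($_POST['name']) && !empty($_POST['email']) && !empty($_POST['comment']) && isset($_POST['id_news'])) {

		// id_news is interpolated UNQUOTED into the INSERT (see $valores), so it
		// must be an integer. The original placed the raw POST value here, which
		// let arbitrary SQL into the query; the cast closes that hole and also
		// keeps the Location header below free of attacker-controlled text.
		$id_news = (int)$_POST['id_news'];
		// sqlstring() is the project's escaping helper (includes/funciones.php);
		// strip_tags() drops markup before the value is stored.
		$name    = sqlstring(strip_tags($_POST['name']));
		$email   = sqlstring(strip_tags($_POST['email']));
		$comment = sqlstring(strip_tags($_POST['comment']));
		$created = date("Y-m-d H:i:s");

		$campos  = "email, name, comment, created, id_news";
		$valores = "'$email','$name','$comment','$created',$id_news";

		sqlinsert("comments", $campos, $valores);
		header("Location: ver_noticia.php?var=" . $id_news);
		// Stop here: without exit the remainder of the page (including the
		// delete handler below) would keep executing after the redirect header.
		exit;
	}
	else {
		echo "Faltan datos";
	}
}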





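#############BORRAR COMENTARIO
# Deletes one comment (GET id_news, id_comment, token). Only a logged-in user
# whose session token matches the supplied token may delete; on success the
# browser is redirected back to the news item. Failures are silent.
# NOTE(review): this is a state-changing action on GET, so the token travels
# in the URL (Referer headers, server logs); a POST form would be safer.
if (!empty($_GET['id_news']) && !empty($_GET['id_comment'])) {
	if (isset($_SESSION['usuario']["user"], $_SESSION['usuario']["token"]) && !empty($_GET['token'])) {
		// Strict string comparison: the original `==` is subject to PHP type
		// juggling (numeric-looking strings compare as numbers), so two different
		// tokens could compare equal. hash_equals() is the constant-time option
		// where it is available.
		if ((string)$_SESSION['usuario']["token"] === (string)$_GET['token']) {

			// Both ids are cast to int before being interpolated unquoted into
			// the query, which is what keeps this statement injection-safe.
			$id_news    = (int)$_GET['id_news'];
			$id_comment = (int)$_GET['id_comment'];
			// NOTE(review): `or die(mysql_error())` sends the raw driver error to
			// the client; prefer logging it and showing a generic message.
			mysql_query("DELETE FROM comments where id_news=$id_news and id=$id_comment") or die (mysql_error());
			header("Location: ver_noticia.php?var=" . $id_news);
			// Stop so nothing further is emitted after the redirect header.
			exit;
		}
	}
}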




?>